What's new
Enterprise Security Content Updates v3.40.0 was released on May 24, 2022. It includes the following enhancements.
New analytic story
- F5 BIG-IP Vulnerability CVE-2022-1388
- Insider Threat
- VMware Server Side Injection and Privilege Escalation
Updated analytic story
- Industroyer2
- Windows Drivers
New analytics
- F5 BIG-IP iControl REST Vulnerability CVE-2022-1388
- Linux Adding Crontab Using List Parameter
- Linux Deleting Critical Directory Using RM Command
- Linux Disable Services
- Linux High Frequency Of File Deletion In Boot Folder
- Linux Shred Overwrite Command
- Linux Stop Services
- VMware Server Side Template Injection Hunt
- VMware Workspace ONE Freemarker Server-side Template Injection
- Windows Driver Load Non-Standard Path
- Windows Service Create Kernel Mode Driver
- Windows System File on Disk
- Windows Hidden Schedule Task Settings
- Windows Linked Policies In ADSI Discovery
- Windows Processes Killed By Industroyer2 Malware
- Windows Root Domain linked policies Discovery
Updated analytics
- AWS Create Policy Version to allow all resources
- Cobalt Strike Named Pipes
- Linux Account Manipulation of SSH Config and Keys
- Linux deletion of SSH Hash Conf
- Schtasks scheduling job on remote system
Other updates
- Updated the MITRE ATT&CK map layer version to 4.3 to match the new Navigator
- Fixed a contentctl bug so that it generates correct transforms.conf and collections.conf files for KV Store based lookups
- Fixed a bug on the research site to render links correctly
- Removed all binaries from the bin/ directory in the ESCU package
This documentation applies to the following versions of Splunk® Security Content: 3.40.0